Skip to main content

Bundler

3 CVEs product

Monthly

CVE-2021-43809 Ruby HIGH POC PATCH This Week

`Bundler` is a package for managing application dependencies in Ruby. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

RCE Command Injection Bundler
NVD GitHub
CVSS 3.1
7.3
EPSS
2.8%
CVE-2016-7954 Ruby CRITICAL POC PATCH Act Now

Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Bundler
NVD GitHub
CVSS 3.0
9.8
EPSS
2.8%
CVE-2013-0334 Ruby MEDIUM PATCH This Month

Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Bundler Opensuse Fedora
NVD
CVSS 2.0
5.0
EPSS
0.5%
EPSS 3% CVSS 7.3
HIGH POC PATCH This Week

`Bundler` is a package for managing application dependencies in Ruby. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

RCE Command Injection Bundler
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Bundler
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Bundler Opensuse +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy